Hashing and Steganography

This lesson talks about Hashing and Steganography. Hashing is a mathematical integrity checking process. You'll learn how it's configured, what it reveals, how it determines the integrity of an object, and how it relates to the key encryption process. Steganography is the process of hiding information. In the second half of our lesson, you'll learn how Steganography works, what tools you can use to hide and reveal data and images within other objects as part of the Steganographic process, and why it's challenging to detect if you are unaware of Steganography technology. We close out this lesson with a discussion and examples of proven encryption technologies and what specifics you'll need to know for the Security+ Exam.

[toggle_content title="Transcript"]
The next topic we consider now is hashing. The hashing technique, a cryptographic hash function, takes the arbitrary block of data and produces a fixed-length value which we call the hash value. This could be done to check for integrity because we take an arbitrary length and we get a fixed value; this value is called the hash value. Any time there is a modification to this, it will reflect in the hash value. The hash value should change.

When we do hashing we can inform the recipient about the hash value so that before they process the message they test the message as well. If the hash value is different from what is received, if the hash value advertised is different from what they get when they receive the message, they know not to trust the message. If the hash value they get on testing the message is the same as what was disclosed to them, they know to trust the message.

Sometimes the vendors for patches also advertise their patches on the internet. The patches are released on the internet and the hash value for each patch is also advertised next to it. As the systems administrator we download the patches.
Before we use the patch we would run the patch through software that does hashing to see the hash value of the patch we've just downloaded. The hash value should correspond to the hash value advertised on the internet. If it does, then you know to trust the patch you've just downloaded, but if the hash value is different you know that something has probably happened to the download and you know not to trust that download.

Let's give an example. If someone were to change this message, if this message is changed to read, "The [greenway] stays only in the veins," it should not give us the same hash value. This should not happen. If we get a different hash value then we say the hashing algorithm is collision resistant. We have changed the message, we should get a different hash value, and if we do we say the hashing algorithm is collision resistant. However, if we change the message but yet can force the hashing algorithm to give us the same hash value as that, we say the hashing algorithm is not collision resistant. A hashing algorithm that is not collision resistant cannot guarantee integrity. There has been modification to the message, yet you can force it to give you the same hash value as the original message. That hashing algorithm is not collision resistant. This could cause confusion for the recipients trusting a message that has been compromised.

Hashing is also important when we do forensic analysis. We capture the evidence from the crime scene, and because best practice is that we work on the original as little as possible, what you want to do is hash the original. You capture an image of the original. Next you take the hash again of the image. Here we hashed the original. We get a certain hash value. Say we get a hash value AB754. You want to capture an image of the original, then you hash the image of the original again and you should get a corresponding value to the original.
This way, you have the assurance that the image is an exact copy of the original. Then you know to trust the image and you work on the image. Where you don't get an exact duplicate of that, you know that you don't have an exact image of the original. Best practice is that we hash the original, capture the image of the original, then hash the image to give assurance that we are working on an exact copy of the original. Hashing plays a very important role when we do forensic analysis as well.

Earlier on we discussed the use of asymmetric key encryption, where we have the public key and private key. Organizations usually have what is called a key escrow. The key escrow is the trusted 3rd party entity with which we safeguard copies of our keys for a time of need. It could be that within the organization you have an entity working with the keys, the private and public key. Maybe that person won't show up anymore, maybe they'll forget the keys or misplace the keys. We have to send someone to the key escrow to go retrieve these keys so that we still have access to the keys. The key escrow is very important for organizations that use symmetric key encryption. The key escrow is a trusted 3rd party entity with which copies of the keys are kept for a time of need.

The next item we talk about is steganography. In steganography we hide the existence of information. Using software, we could hide information within other information. We use what is called the least significant bit. Usually, this is done within software. The files that we are trying to hide are hidden in a carrier file. Using the least significant bit of the carrier file we are able to hide the carried files which we don't want other people having access to. By using the least significant bit, it is possible that we do not distort the carrier files. If we look at the scenario you have, we call this the carrier file.
This is what you allow people to see, so using the least significant bit of the carrier file we are able to hide our carried files within there. You could have several files. These could be picture files, audio files, or text files, hidden in this message. These files would be your carried files. Several types of software exist to do this. The software would ask for your carrier file; using the least significant bit of the carrier file, it will break down the carried files, and you could even use multiple carrier files.

When people have access to your drives, your thumb drives or other files, that is what they see. It could just be casual pictures of someone on vacation, pictures of me in France for example. Meanwhile, I have other files hidden within that. Users or malicious persons could employ this technology. The essence of this is to ensure confidentiality: only people who know about the technology or even have the password can access the files, provided they key in the right password when they extract these files using software that can extract it. This is steganography. It is possible to hide audio files in audio files, picture files in audio files, text files in picture files, and even picture files within picture files can be hidden. It is a very inconspicuous way of moving messages; unless people are aware of the technology, they cannot detect that files are hidden in other files.

The use of proven technologies gives the highest level of assurance that whatever we are trying to encrypt will be very robust; the encryption methods will be robust and cannot be easily decrypted by anyone having unauthorized access to it. It gives assurance that we have positive results every time we do our encryption. We don't want to use software that is not tested. We also don't want to use software that is not trusted. We also don't want to use software that has not been proven to do what they say it does.
The use of proven technologies gives that assurance that yes, our information is encrypted and we have confidence in the encryption.

Elliptic curve cryptography involves the use of mathematics and curves to do the cryptography we have to carry out. It is an approach of public key cryptography that is based on the algebraic structure of elliptic curves over finite fields, doing these calculations. Elliptic curve cryptography operates on a smaller set of keys compared to other sets of encryption, and it operates on a smaller set of keys for efficient performance. It also offers considerably greater security for a given key size and compact implementations for levels of security. The elliptic curves are calculated and drawn to do encryption and they operate on a smaller set of keys. It is very difficult to discuss elliptic curves on the exam without exposing the fact that you are using curves. The mention of mathematics tells you it's elliptic curve. Mention of curves tells you it's elliptic curves. The key word to look out for on the exam is that elliptic curves use a smaller set of keys.

Next we talk about quantum cryptography. For quantum cryptography we are using the physical properties of light. Photons of light are being used in fiber network or environment to securely exchange messages between users. The photon measurements are conducted to see if there are any deviations in the measurements; we can then tell that maybe there has been possible eavesdropping on the traffic moving between a sender and a recipient.

This concludes Section 6.1 of the Security+ syllabus.
[/toggle_content]
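
An added example, not part of the lesson or of Cybrary's material, that ties the two halves of the transcript together: least-significant-bit hiding changes each carrier byte by at most 1, yet comparing a recomputed hash against a baseline hash (the patch and forensic-image check described above) still flags the altered carrier. The function names, the sample bytes and the choice of SHA-256 are assumptions made for illustration; the lesson names no specific algorithm or tool.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fixed-length hash value for an arbitrary-length input."""
    return hashlib.sha256(data).hexdigest()


def matches_published(data: bytes, published_hex: str) -> bool:
    """Recipient-side check: recompute the hash and compare it with the advertised one."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def lsb_embed(carrier: bytes, payload: bytes) -> bytes:
    """Write payload bits (most significant first) into the lowest bit of successive carrier bytes."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: one carrier byte is needed per payload bit")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # clear the lowest bit, then set it to the payload bit
    return bytes(out)


def lsb_extract(carrier: bytes, payload_len: int) -> bytes:
    """Rebuild payload_len bytes from the lowest bits of the first payload_len * 8 carrier bytes."""
    out = bytearray()
    for i in range(payload_len):
        value = 0
        for b in carrier[i * 8:(i + 1) * 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)


# Constructed sample data: stand-in for raw pixel or audio sample bytes, and a short payload.
ORIGINAL = bytes((i * 37 + 11) % 256 for i in range(256))
PAYLOAD = b"constructed note"
STEGO = lsb_embed(ORIGINAL, PAYLOAD)
MAX_DELTA = max(abs(a - b) for a, b in zip(ORIGINAL, STEGO))

if __name__ == "__main__":
    baseline = sha256_hex(ORIGINAL)  # hash taken of the original before anything else
    print("exact copy matches baseline:", matches_published(bytes(ORIGINAL), baseline))
    print("altered carrier matches baseline:", matches_published(STEGO, baseline))
    print("largest per-byte change:", MAX_DELTA)
    print("recovered payload:", lsb_extract(STEGO, len(PAYLOAD)))
```

The check only works when a trusted baseline hash of the unmodified file exists; without one, the altered carrier has nothing to be compared against.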
CISSP CISM CISA CHFI CSXF CEH, Cyber Security Specialist & Trainer